Two security researchers from Black Hat this week revealed a method in which a MacBook can be broken into and taken control of. In fact, the intrusion method is at such a low level that even firewalls and anti-virus applications can't help. Based on flaws in wireless network driver design, Apple's line of MacBooks -- and MacBook Pros -- allows an attacker to remotely bypass the security of the laptop and the operating system.

Jon Ellch and David Maynor from Black Hat say that drivers for Apple's notebooks are developed not in house, but outside using contracted development companies. Ellch says that often times, these development people are under so much pressure from higher management to get working drivers so that companies can rush our products to market. Under circumstances like this, drivers for devices such as wireless network processors enter "the wild" in an untested state.

However, Mayner said that "we're not picking specifically on Macs here, but if you watch those 'Get a Mac' commercials enough, it eventually makes you want to stab one of those users in the eye with a lit cigarette or something." Mayner cites that many of Apple's commercials claim that Macs don't suffer from the same security vulnerabilities that PCs do but in fact, they do.

The team at Black Hat demonstrated that they could circumvent the Wi-Fi security and OS level security in a MacBook and within just 60 seconds, were able to take complete control of the machine. Black Hat demonstrated the technique through a pre-recorded video to prevent anyone from intercepting the wireless network traffic to deconstruct the attack and release it elsewhere. Black Hat said that it has been in contact with both Apple and Microsoft, because the vulnerability exists on both sides.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

quote: Most *nix OSes were designed with security as a primary concern since day one

No, they weren't. They were designed with security in the sense of prohibiting users from being able to do this-and-that. But they were all programmed in C/C++ without any understanding of the types of security attacks that are so common today, e.g., stack overflow and buffer overrun attacks. Unix and similar operating systems did not recognize this type of security at all - zero, nill, nada.

quote: No, they weren't. They were designed with security in the sense of prohibiting users from being able to do this-and-that. But they were all programmed in C/C++ without any understanding of the types of security attacks that are so common today, e.g., stack overflow and buffer overrun attacks. Unix and similar operating systems did not recognize this type of security at all - zero, nill, nada.

and you have just proved my point.

quote: They were designed with security in the sense of prohibiting users from being able to do this-and-that.

Since back then there was not threats like viruses going around they made their OSes secure buy preventing the them from the only known threats they knew of back then. How could they protect the OS from stack overflow and buffer overrun attacks, back then no one really understood what those were so I would be hard to really protect against such things.

quote: Since back then there was not threats like viruses going around they made their OSes secure buy preventing the them from the only known threats they knew of back then.

Well, I told TomZ almost the same stuff, that Unix was designed with security in mind, but I should have added that "early Windows versions were designed with LESS security in mind than Unix" - that'd be more correct. If you compare Unix and NT they are pretty close, with NT having more flexible permission/access rights system than classic Unix, however MS made a major mistake by not following PHILOSOPHY of Unix and instead following DOS/Win95 philosophy - I mean they permitted users to live as system administrators, it was perfectly OK in NT, while was seriously frowned upon in Unix - so now we got the consequences - very nice NT security is rendered useless in MASSIVE amounts in all the millions of home PCs runnig XP or Win2K in admin mode, because it's so much easier.

> "Since back then there was not threats like viruses going around they made [*nix] OSes secure buy preventing the them from the only known threats they knew of back then"

Um, the first computer viruses appeared in the early 1980s, long before Linux was written, and long before OpenBSD, FreeBSD, and nearly all other desktop Unix OSes were forked.

Even assuming your statement was correct, how do you feel Windows was any different? If the "only threat at the time" was from other users, then Windows, which began as a single-user non-networked OS, was immune by default.